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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings of claims in the application: 

Listing of Claims: 

1 . (Currently amended) A method for detecting clones (unauthorized 
duplicate identities) of the client, the method comprising: 

forwarding a first signal from a client to a KDC, the first signal for requesting 
access to a server; 

verifying that the client is authorized to access the server; 

transmitting a ticket from the KDC to the client, the ticket for providing access to 
the server, wherein the ticket is valid for a time T; 

receiving a second signal from an entity, the second signal for requesting access 
to the server, wherein the entity has identifying information identical to the client; and 



the entity as a possible clone or denying the s econd reque s t in order to prevent access to the 
server for further investigation while granting access to the server , 

2. (Original) The method of claim 1 further comprising 

providing a session key in the ticket, the session key being valid for a designated 

duration. 

3. (Original) The method of claim 2 wherein the designated duration is for 
determining the time T for which the ticket is valid. 



if the second request is received prior to expiration of the time T, cither marking 



4. 



(Canceled) 



5. 



(Currently amended) The system of claim [4] 18 wherein the entity is a 



clone. 



6. 



(Original) The system of claim 5 wherein the identifying information is a 



client identifier copied by the clone. 
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7. (Currently amended) The system of claim [4] 18 wherein the ticket 
further comprises an encrypted session key. 

8. (Original) The system of claim 7 further comprising 

the client deriving a copy of the session key for accessing the application server. 

9. (Original) The system of claim 8 wherein the session key is derived using 
a key agreement algorithm. 

10. (Original) The system of claim 9 wherein the key agreement algorithm is 
the Diffie-Hellman algorithm. 

11. (Original) The method of claim 1 further comprising 

using a key algorithm for authenticating communication between the KDC and 
the client such that all clients wishing access to the server are required to contact the KDC. 

12. (Currently amended) The method of claim [4] 1 further comprising 
requiring all entities wishing to access the server to communicate with the KDC. 

13. (Original) A system for detecting clones (duplicate identities) of an 
authorized computing device in a communication network, the system comprising: 

a first computing device; 

a second computing device authorized to access the first computing device; 

a key management means for providing to the second computing device, a 
session key for accessing the first computing device, the session key being invalid after a period 
T; 

the key management means receiving one or more requests from an entity, to 
access the first computing device, the entity having identifying information identical to the 
second computing device; and 

the key management means permitting the entity to access the first computing 
device, provided the number of access requests received during period T, is M or less requests. 



Page 3 of 10 



Appl. No. 10/086,302 PATENT 

Amdt. dated January 3, 2006 

Reply to Office Action of October 4, 2005 

14. (Original) The system of claim 13 wherein the key management means 

utilizes Diffie-Hellman key agreement algorithm to distribute session keys. 

-> 

15. (Original) The system of claim 13 further comprising 

the key management means flagging the entity if more than M requests are 
. received from the entity. 

16. (Original) The system of claim 13 wherein the identifying information is 
an identifier for the second computing device. 

17. (Original) The system of claim 13 further comprising 

the key management means denying access to the first computing device, if more 
than M requests are received. 

18. (Currently amended) A system for detecting clones of a client within a 
communication network, the system comprising: 

aKDC; 

a server communicably coupled to the KDC; 

a client for receiving a ticket from the KDC, wherein the ticket is for accessing 
the server, arid is valid for a time duration T; 

the server receiving from the client a first request to access the server, the first 
request being accompanied by the ticket; 

the server recording the time duration T for which ticket is valid; 

the server receiving from an entity, a second request to access the server, the 
entity having identifying information identical to the client and i 

the server cither flagging or denying the second request to prevent acce s s to the 
server, if the second request is received during the time duration T , as a possible fraudulent 
request from a clone while allowing access; and 

the server thereafter denying the second request if received more than a 
predetermined number of times during the time duration T . 
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19. (Original) The system of claim 1 8 further comprising 
the KDC encrypting a session key within the ticket; and 

the client extracting a copy of the session key in a manner that no entity other 
than the client can access the session key. 

20. (Original) The system of claim 18 further comprising 
necessitating by the system, all clients wishing to access the server to 

communicate with the KDC. 

21 . (Currently amended) The method system of claim 1 8 wherein a ticket 
granting server is the server, and the ticket is a ticket granting ticket. 

22. (Currently amended) A method for detecting clones in a communication 
network, the method comprising: 

providing a ticket to an authorized client, the ticket for accessing a KDC, the 
ticket having a session key valid for a time duration T; 

receiving a request to access the KDC, the request being received from an entity 
with the same identifying information as the authorized client; and 

if the request is received during time T, flagging the entity as a possible clone er 
while granting access to the KDC, and thereafter denying the request to access to the KDC if 
the request is received more than a predetermined number of times . 

23. (Original) The method of claim 22 wherein the ticket is a TGT (ticket 
granting ticket). 

24. (Original) The method of claim 1 wherein the KDC marks the entity as a 
possible clone or denies the second request in order to prevent access to the server. 

25. (Original) The method of claim 1 wherein the server marks the entity as a 
possible clone or denies the second request in order to prevent access to the server. 
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26. (Currently amended) The method of claim [18] 1 wherein the KDC is the 

server. 

27. (New) The method of claim 1, wherein if, during investigation, the 
second signal is received a predetermined number of times prior to expiration of the time T, the 
second request is thereafter denied in order to prevent access to the server. 
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